Passing a username and password,
or a client certificate and key,
to the transport layer is highly dependent on the transport backend.
The descriptions below are for HTTP(S) transport using LWP::UserAgent

If you want to connect to a windows server using some Windows Domain Login, please consider using Kerberos instead of the (older) NTLM mechanism - see below.

Kerberos and NTLM are (currently) mutually exclusive - when LWP::Authen::Negotiate is installed, it will always be queried (and will always raise an error), even if you don't want to use it. See http://rt.cpan.org/Public/Bug/Display.html?id=32826 for details.

You need the NTLM distribution installed to access webservices protected by NTLM authentication. More specifically, you need the Authen::NTLM module from this distribution. Note that this is different from the Authen::NTML distribution by Yee Man Chan also available from CPAN.

Your user credentials usually need to include the windows domain or the windows hostname like this:

testdomain\testuser

or

\\testhost\testuser

Besides passing user credentials as when accessing a web service protected by basic or digest authentication, you also need to enforce connection keep_alive on the transport backens.

To do so, pass a proxy argument to the new() method of the generated class. This unfortunately means that you have to set the endpoint URL, too:

If you're talking to a Server using NTLMv2 exclusively, you will only the first line in the debug output, and then an error.

To explicitely enable NTLMv2, do the following in your client:

use Authen::NTLM;
ntlmv2(1);

This globally enables the use of NTLMv2. Note that this is a global setting: All clients running in the same perl interpreter will be affected. This can cause unexpected issues when running under mod_perl.

Use the LWP::Authen::Negotiate plugin from CPAN. You need to set up GSSAPI to perform the Kerberos authentication, though. How to do this is implementation specific (MIT or Heimdahl). See your Kerberos/GSSAPI documentation for details.

(Newer) Windows Web Services usually allow to use both the Negotiate (Kerberos) and NTLM authentication scheme.

First, you would need to write a new serializer, which is quite easy, as it just creates the envelope and calls ->serialize_qualified() on $header and $body to fill them in. The new serializer has to declare all namespace prefixes used, the rest is just the same as the original XSD serializer.

In contrast to the original method, it would probably look up the appropriate prefix from some data set in the serializer class, so this could be the appropriate place to load SOAP::WSDL::XSD::Typelib::Element and override the method.

Something like this should do (without the handling of specialties like empty or nil elements):